A Simpler ATO Process

This blog post is an excerpt from GovLoop’s recent self-paced, 10-minute course, “Security as Code: How to Simplify Compliance Authorizations.” Take the free course here.

Did you know that there is a simpler and shorter approach to the Authority to Operate (ATO) process using automated and auditable methods?

An ATO is a formal declaration by a senior-level agency official that authorizes an IT system or product to operate on government networks.

Authority to Operate on Amazon Web Services (ATO on AWS) is a program that provides resources to independent software and cloud service providers that aspire to achieve compliance authorizations, such as the Federal Risk and Authorization Management Program (FedRAMP) and Defense Federal Acquisition Regulation Supplement (DFARS).

ATO on AWS is a partner-driven process that includes training, tools, pre-built templates, details for implementing security measures and more. The ultimate goal is to help companies align with the necessary security standards required of government systems. For example, GitHub is one of the program partners that assists other companies with compliance efforts. It also offers a secure software sharing platform for organizations to collaborate during the ATO process.

But what does this specifically mean for agencies?

Agencies are consumers and users of the software services that companies provide. Too often, time is wasted documenting a snapshot of system security at a point in time. The goal of ATO on AWS is to provide an automated, simplified way to continuously verify IT systems as software resources or code. That way, agencies can spend less time parsing cumbersome security documentation and more time validating new software releases and overall security on a continuous basis.

Companies such as GitHub are a part of the ecosystem of partners that provides expertise and capabilities through ATO on AWS.

Using ATO on AWS, agencies can replace the manual configuration of systems and services with automated and auditable security as code. Other benefits include greater assurance and support in gaining compliance authorizations, and increased speed to market for vendors. Agencies also gain the ability to assimilate development, operations and security practices into a governance-as-code cycle.

To learn more about ATOs, including the challenges and opportunities, take our free course here.
